Configuring Rate limiting plugin


Hi all,

My Kong is hosted on EC2, listening on port 8000. I have a Lambda@Edge function on AWS CloudFront which calls Kong to do rate limiting. I need to do rate limiting for a consumer and not for APIs.

So basically I just want Kong to send a response back to Lambda telling me if that user is under the limit or not. But I am having trouble configuring a service for this, as the upstream server for me is CloudFront itself (the one making the call to Kong via Lambda@Edge).

Is there a way to get around this?




I have another question. Is it required for a consumer to be authenticated if the rate-limiting plugin is enabled? I currently have rate limiting working, but it is giving me 401 Unauthorized.



Regarding the second question:

"Is it required for a consumer to be authenticated"

I would say that if you want to apply the rate limiting on a consumer, you need to know which consumer made the API call. Knowing "which consumer" is indeed performing authentication; otherwise I cannot see how to link a request to a consumer.



Yes, I understand.

So I created a key corresponding to the consumer, and while making a request I am putting apiKey:{apiKey generated by Kong} in the header. But this is still giving me a 401 response.



Can someone help me out on this? apiKey is not getting authenticated.



Could you detail the 401 message that you receive, to see whether no apikey is found or the apikey is considered invalid?

Things to consider:

  • How did you configure the key-auth plugin?
    • Is it enabled globally, on a service or on a route?
    • Which header field is used to send/find the API key? It is apikey by default but could be configured with the config.key_names field.
  • Check the credentials of your consumer.
  • Check your API request to confirm that you put the right header (matching the plugin configuration) and that the key is the one found in the consumer credentials.

It should help to find where the configuration issue is. If you cannot solve the issue, I will send you the API admin requests to perform the verification (but I cannot at the moment).
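
The checks listed in the reply above can be walked through offline. The following is an added example, not part of the thread and not Kong's own code: a simplified model that takes a plugin configuration, a consumer's credentials and a request's headers, and reports which of the checks fails. The function name `diagnose_key_auth`, the sample values and the `id`/`key`/`consumer` layout of the sample credential are assumptions made for illustration.

```python
# Simplified offline model of a key-auth style lookup (not Kong's code).
# PLUGIN and CREDENTIALS are constructed sample data, not real Admin API output.
PLUGIN = {"key_names": ["apikey"]}  # key_names is the config field named above
CREDENTIALS = [
    {"id": "cred-0001", "key": "constructed-key-123", "consumer": "lambda-edge"},
]

def diagnose_key_auth(plugin, credentials, headers, query=None):
    """Return (status, reason) explaining why a request would pass or get a 401."""
    key_names = plugin.get("key_names", ["apikey"])
    # HTTP header names are case-insensitive, so compare them lower-cased.
    lowered = {name.lower(): value for name, value in headers.items()}
    query = query or {}

    presented = None
    for name in key_names:
        if name.lower() in lowered:
            presented = lowered[name.lower()]
            break
        if name in query:  # the key may also travel as a query parameter
            presented = query[name]
            break
    if presented is None:
        return 401, "no key found under: " + ", ".join(key_names)

    # Key values, unlike header names, are compared exactly.
    for cred in credentials:
        if cred["key"] == presented:
            return 200, "key belongs to consumer " + cred["consumer"]
    if any(cred["id"] == presented for cred in credentials):
        return 401, "credential id sent instead of its key"
    return 401, "key not found in any consumer's credentials"

if __name__ == "__main__":
    samples = [
        {"apiKey": "constructed-key-123"},     # header case differs: still found
        {"x-api-key": "constructed-key-123"},  # name not in key_names
        {"apikey": "Constructed-Key-123"},     # value case differs: invalid
        {"apikey": "cred-0001"},               # id pasted instead of key
    ]
    for headers in samples:
        print(headers, "->", diagnose_key_auth(PLUGIN, CREDENTIALS, headers))
```

The "no key found" and "key not found in credentials" outcomes correspond to the two cases the reply asks about, which is why the exact text of the 401 response matters.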